GDPR And Data Processing

Emiko may process personal data depending on customer configuration, enabled modules, operational use, support activity and payment or billing setup. The relevant GDPR assessment depends on the processing purpose, role allocation, data categories, subprocessors, retention and security measures.

Data That May Be Personal Data

Depending on the specific setup and purpose, Emiko may process data that is personal data when it relates to an identified or identifiable person. This may include:

• user names, contact information, e-mail addresses and login identifiers
• roles, permissions, access rights, access requests and approvals when linked to a user, account, access credential or approval flow
• access events, audit logs and activity records when linked to a user, session, access credential or performed action
• support data, diagnostics and security logs where they identify or can reasonably identify a user, contact, account, device holder or support case
• technical identifiers such as IP addresses, device identifiers and security telemetry when linked or linkable to a person, account, session or access event
• RFID or card identifiers where they identify or can be linked to a user or cardholder
• consumption, session, billing, invoice or payment-related references where enabled and linkable to a person

Operational measurement data, roles, permissions and technical logs are not automatically personal data in isolation. They become personal data when they identify a person or can reasonably be linked to a person, account, access credential, session or support case.

Roles And Responsibilities

The customer or Partner will normally be the data controller for customer users, sites, equipment and operational use of Emiko.

Vikingegaarden will normally act as data processor for customer-controlled data processed in Emiko. Vikingegaarden may also act as data controller for its own business, support, administration, security and supplier-management purposes.

Subprocessors And Review Material

Hosting, backup, security, communication, payment, support, logging or analytics suppliers may act as subprocessors where they process personal data on behalf of Vikingegaarden as part of delivering Emiko.

Data processing review material can include a data processing agreement, subprocessor information, technical and organisational measures, hosting and backup descriptions, supplier assurance information, and retention or deletion information where relevant.

Procurement And Security Review

GDPR documentation can support onboarding, procurement, customer security review and data processing review. The documentation explains the relevant processing purpose, data categories, responsibility model, supplier roles and security measures at the level needed for customer assessment.